OK, I found a message that Sniffer identified as spam and ran it through
SA manually and following are results:
[mail:/home/vmail/taisweb.net/archive_received/Maildir] 9:22am#
spamassassin --siteconfigpath=/usr/local/etc/mail/spamassassin -x -t
.jlee/new/1237155804.M27154P10624V0000005CI0051B175_0.mail.taisweb.net,S
=3981
Return-Path: <sys...@blogsuccess.com>
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on
mail.taisweb.net
X-Spam-GBUdb-Analysis: 2, 67.131.25.27, Ugly c=0 p=0 Source New
X-Spam-Status: No, score=-1.8 required=5.0
tests=HABEAS_ACCREDITED_COI,SNF4SA,
URIBL_GREY autolearn=disabled version=3.2.1
X-Spam-SNF-Result: 62 (Obfuscation Techniques)
X-Spam-DCC: CollegeOfNewCaledonia: mail.taisweb.net 1189; Body=1 Fuz1=1
Fuz2=1
X-Spam-Level:
X-Spam-MessageSniffer-Rules:
62-469556-2307-2317-m
62-469556-4261-4271-m
62-469556-0-5994-f
X-Spam-MessageSniffer-Scan-Result:
X-Original-To: archive_received+j...@taisweb.net
Delivered-To: archive_received+j...@taisweb.net
Received: from localhost (localhost.taisweb.net [127.0.0.1])
by mail.taisweb.net (Postfix) with ESMTP id D7B292B2C87
for <j...@taisweb.net>; Sun, 15 Mar 2009 18:23:23 -0400 (EDT)
X-Virus-Scanned: amavisd-new at taisweb.net
Received: from mx1.rmslink.net (mx1.rmslink.net [68.118.154.10])
(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mail.taisweb.net (Postfix) with ESMTP id 65A522B2C92
for <j...@taisweb.net>; Sun, 15 Mar 2009 18:23:20 -0400 (EDT)
Received: from platinum-smtp.infusionsoft.com
(blogsuccess.platinum-smtp.infusionsoft.com [67.131.25.27])
by mx1.rmslink.net (Postfix) with ESMTP id 1EBDC39824
for <j...@taisweb.net>; Sun, 15 Mar 2009 18:23:19 -0400 (EDT)
Received: from gil (unknown [10.3.0.124])
by smtp29.infusionsoft.com (Postfix) with ESMTP id 1B41B20841874
for <j...@taisweb.net>; Sun, 15 Mar 2009 18:23:19 -0400 (EDT)
Date: Sun, 15 Mar 2009 18:23:19 -0400 (EDT)
From: Jack Humphrey <listrespo...@blogsuccess.com>
Sender: sys...@blogsuccess.com
To: j...@taisweb.net
Message-ID: <1429329783.1408551237155799111.javamail.tom...@gil>
Subject: J, this is BIG news!
Errors-To: sys...@blogsuccess.com
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
BatchId: 27269
X-BatchId: 27269
X-campaignid: infusion_blogsuccess27269
X-InfApp: blogsuccess
X-BBounce: blogsuccess_3812781
X-InfContact: 235195
X-InfSent: 3812781
Package: platinum
X-inf-package: platinum
X-inf-source: MailBatchFulfillRequest
X-MinStatusFlags: Double Opt-In
X-MaxStatusFlags: Double Opt-In
X-inf-uflags: Double Opt-In
X-inf-iflags: Double Opt-In
X-Virus-Scanned: ClamAV 0.94.2/9110/Sun Mar 15 01:06:44 2009 on
mx1.rmslink.net
X-Virus-Status: Clean
[SNIP.../]
Content preview: J, I have some news to share with you. Some BIG news
Mike
Filsaime has announced that he is GIVING AWAY 5000 Home Study courses
of Butterfly
Marketing. [...]
Content analysis details: (-1.8 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-8.0 HABEAS_ACCREDITED_COI RBL: Habeas Accredited Confirmed Opt-In or
Better
[67.131.25.27 listed in
sa-accredit.habeas.com]
6.0 SNF4SA Message Sniffer
0.2 URIBL_GREY Contains an URL listed in the URIBL greylist
[URIs: infusionsoft.com]
So the SNF4SA plugin is correctly returning the weight when run manually
through SA. I will report this to the amavisd-new list to see if anyone
has any ideas.
Dan Horne
TAIS
Director of Operations
www.taisweb.net
supp...@taisweb.net
828.252.TAIS (8247)
> -----Original Message-----
> From: Message Sniffer Community [mailto:snif...@sortmonster.com] On
Behalf Of
> Dan Horne
> Sent: Friday, May 15, 2009 9:23 AM
> To: Message Sniffer Community
> Subject: [sniffer] Re: SNF4SA - Message Sniffer Antispam Plugin for
> SpamAssassin
>
> Sorry, forgot to CC all:
>
> No the weight=1 issue is not yet resolved. In fact, I have been able
to
> determine that snf4sa is actually querying snfserver properly. I
> removed the old plugin so only snf4sa is loaded by SA. I then tailed
> the sniffer log and see items like this continuing to scroll by:
>
> <s u='20090515130114' m='/tmp/snf4sa/dL5Q6vQZ9G' s='52' r='2266218'>
> <m s='52' r='2266218' i='906' e='949' f='m'/>
> <p s='0' t='44' l='65536' d='56'/>
> <g o='0' i='67.23.34.175' t='u' c='0.936317' p='-0.0474465'
> r='Normal'/>
> </s>
>
> Note the path to the temp file /tmp/snf4sa/....
> That tells me that everything is working properly except the returning
> of the score to SA.
>
> I have tried running test messages through SA manually and the SNF4SA
> headers get inserted properly, but I haven't yet run through a message
> that sniffer identified as spam. I will attempt to get one of those
and
> run it through SA manually to see if SNF4SA returns the correct weight
> when it identifies the spam.
>
> I will also join the amavisd-new list and see if anyone there can shed
> some light.
>
> Dan Horne
> TAIS
> Director of Operations
> www.taisweb.net
> supp...@taisweb.net
> 828.252.TAIS (8247)
>
>
> > -----Original Message-----
> > From: Pete McNeil [mailto:madscient...@armresearch.com]
> > Sent: Thursday, May 14, 2009 6:27 PM
> > To: Alban Deniz
> > Cc: Dan Horne
> > Subject: Re: [sniffer] Re: SNF4SA - Message Sniffer Antispam Plugin
> for
> > SpamAssassin
> >
> > Alban Deniz wrote:
> >
> > <snip/>
> > > > 1) I'll look at the SA3 and SNF4SA plugins to see if I can
> determine the
> > > > reason for the timeout, and a solution. Pete mentioned that one
> major
> > > > difference is that SNF4SA uses a TCP connection to communicate
> with
> > > > SNFServer, while SA3 uses SNFClient.
> > >
> > >
> > > The only possibility I can think of is that the snf4sa plugin
> doesn't
> > > wait long enough when running under amavisd-new. The timeout in
> snf4sa
> > > is set to 1 second, which is long enough when snf4sa is run by the
> > > spamassassin command line. It might not be long enough when
running
> > > under amavisd-new. I don't think this is the problem. However, if
> you
> > > don't mind trying a longer timeout, here's how to change it: Edit
> > > snf4sa.pm, changing line 72 from
> > >
> > >
> > > $self->{SNF_Timeout} = 1;
> > >
> > >
> > > to
> > >
> > >
> > > $self->{SNF_Timeout} = 10;
> > >
> > >
> > > Of course, a 10 second delay to process an email is unacceptable;
> this
> > > would simply point us in the right direction. Please let me know
if
> > > can try this.
> > Hey guys...
> >
> > The timeout used in the SNFClient is on the order of 30 seconds---
10
> to
> > get a connection, 20 more to get an answer. When a system is busy it
> can
> > take a few seconds for other requests that have already started to
be
> > processed. The overall throughput is much higher than the individual
> > message timeout may suggest.
> >
> > I recommend allowing at least 10 seconds -- though 30 might be more
> > appropriate.
> >
> > Note also that I've seen SA itself take as long as 10-15 seconds to
> > process a message (depending on conditions) and it is roughly
nominal
> to
> > see it take 1 - 3 seconds per message in many configurations. SNF is
> > usually much quicker -- but we can't make assumptions about what
else
> > may be happening on the system at any moment -- especially during
> > start-up conditions where incoming messages might be queued
elsewhere
> > and ready to cause a rush.
> >
> > Also -- isn't it reasonable that if SNF4SA does timeout it should
> > provide a 0 weight instead of 1 ??
> >
> > Is that issues resolved?
> >
> > Thanks for keeping me in the loop.
> >
> > _M
>
>
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <sniffer@sortmonster.com>.
> To unsubscribe, E-mail to: <sniffer-...@sortmonster.com>
> To switch to the DIGEST mode, E-mail to
<sniffer-dig...@sortmonster.com>
> To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com>
> Send administrative queries to <sniffer-requ...@sortmonster.com>
#############################################################
This message is sent to you because you are subscribed to
the mailing list <sniffer@sortmonster.com>.
To unsubscribe, E-mail to: <sniffer-...@sortmonster.com>
To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com>
To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com>
Send administrative queries to <sniffer-requ...@sortmonster.com>
